Even as worries grow about foreign investors encroaching on the Canadian oil patch, other fears are mounting: Cyberattacks targeting Canada’s oil-and-gas industry and other major energy firms around the globe are occurring with disquieting frequency.

Last March, three confidential ‘amber’ alerts were issued by the U.S. Department of Homeland Security warning of attacks against U.S. and Canadian natural gas pipeline companies.

Most Canadian companies … are taking this threat seriously

In September, Telvent Canada Ltd., a company that helps manage 60% of all oil and gas pipelines in the Western hemisphere, experienced a mysterious cyberattack that compromised its security systems and internal firewall.

The industry is acknowledging potential problems.

“Hacking groups of all sorts from different places attack the Canadian energy industry hoping to disrupt operations, steal intellectual property, commit fraud or steal services,” said Travis Davies, a spokesman for the Canadian Association of Petroleum Producers.

“Most Canadian companies … are taking this threat seriously. Many have specialized security personnel. CAPP has a cyber security working group where member companies that have robust security programs can share best practices and non-competitive intelligence with others that may not.”

Related

The Telvent attack, thought to be the work of Chinese hackers known as the Comment Group, resulted in malicious software being installed on company machines and in project files being stolen. One of the stolen items helps energy firms mesh older IT assets with more advanced “smart grid” technologies, according to cyber security expert Brian Krebs.

A report released by the Toronto-based Citizen Lab three years ago found that Chinese cyber espionage is a major global concern. Chinese authorities have made it clear that they consider cyberspace an important strategic domain which helps offset the military imbalance between China and other countries.

“China is unmatched in its cyber watching activities,” said Dr. Ron Deibert, director of the Canada Centre for Global Security Studies at the University of Toronto. The Canadian government, however, has not blamed Chinese hackers for recent incidents.

Telvent reassured customers in a letter on Sept. 10 that “all virus or malware files have been eliminated.” The company later released a statement outlining that its customers had taken recommended actions “with the support of our Telvent teams” and that “Telvent is also actively working with law enforcement, security specialists and our affected customers to ensure this breach has been contained.”

'Electronic Pearly Harbour'

The phrase is a common refrain in U.S. intelligence circles — the hypothetical scenario in which a catastrophic attack on key U.S. economic interests in cyberspace, including energy and power infrastructure, that could cripple the U.S. economy.

“Stuxnet is regarded as one of the most sophisticated, publicly known cyberattacks to date,” says a report by the James Baker III Institute for Public Policy of Rice University. “It should send a clear message that most critical infrastructure is vulnerable to cyberattack.”

In a white paper, anti-virus software company McAfee Inc. also highlighted the Night Dragon attack — co-ordinated covert and targeted cyberattacks that were conducted against global oil firms in 2009.

“Attackers using several locations in China have leveraged command and control servers on purchased hosted services in the United States and compromised servers in the Netherlands to wage attacks against global oil, gas, and petrochemical companies, as well as individuals and executives in Kazakhstan, Taiwan, Greece, and the United States to acquire proprietary and highly confidential information,” the white paper says.

Clearly, well co-ordinated, targeted attacks such as Night Dragon, orchestrated by a growing group of malicious attackers committed to their targets, are rapidly on the rise, McAfee said. “These targets have now moved beyond the defense industrial base, government, and military computers to include global corporate and commercial targets.”

Ulf Lindqvist, who manages research and development at SRI International, a research institute in California, said cyberattacks are a growing threat to the energy industry.

“I can’t speculate on threat actors or their motives, [but] a cyberattack of critical infrastructure could have serious consequences. An attack could have bad consequences for the company [even when] no one gets physically hurt,” Mr. Lindqvist said. “We’re seeing more collaboration by energy companies in the field of cyber security, which is good. It’s key because security is not their [the energy sector’s] core business — they’re not supposed to be experts on cyber security.”

Beyond North America, the international energy sector has been targeted through several attacks in recent months.

On Aug. 15, Saudi Aramco, Saudi Arabia’s state oil producer, was hit by a computer virus planted by the Arab Youth Group, a previously unknown activist organization that infected 30,000 computers and warned Saudi rulers that they will face “more severe action” if they “continue to betray the nation.”

The Saudi government’s perceived close ties to the U.S. and Israel were cited by the group as being the reason for targeting the Saudi company.

And on Aug. 27, RasGas Co., a Qatar-based producer and shipper of liquefied natural gas, was targeted by a malware attack that disabled the company’s email and website.

Both incidents are believed to be part of broader, growing activist campaigns against energy companies serving Western customers that may increase in the future.

The cyber threat in Canada’s oil patch could be exacerbated by a recent decline in IT and other capital spending. Though Canadian oil and gas companies will remain among the biggest capital spenders in the world, according to a Barclays Capital Inc. survey published last month, budgets were expected to fall about 9.5% in 2012 compared to 2011 levels, with 2013 spending forecast not to change.

Ottawa has recently acted against the growing threat of cyberattacks on companies and businesses here. Public Safety Minister Vic Toews announced in October that national spending on cyber security is to double to $155 million during the coming five years. The announcement preceded a report about cyber concerns in Canada by the auditor-general that found many government partnerships expected to have been established were not enacted and that coverage of networks is incomplete.

Jessica Slack, a spokeswoman for Public Safety Canada, which oversees the Canadian Cyber Incident Response Centre, said, “Of the $155 million [allocated], CCIRC received $13.4 million over five years.” The extra funding, she said, will enable CCIRC to extend its hours of full operation and ensure that at all times, experts from CCIRC are available to deal with emergency situations.